Releases: simp/pupmod-simp-auditd
Release of 8.3.0
* Thu Apr 25 2019 Trevor Vaughan <[email protected]> - 8.3.0-0
- Added a `custom` audit profile that accepts either an Array of rules or a template path for ease of setting full rulesets via Hiera.
- Updated all module components for `puppet strings`
- Fixed the README
- Added a REFERENCE.md
- Refactored the filename logic in the base profiles to be simpler
- Converted the rule template to EPP
- Converted the rotated_audit_logs template to EPP
- Converted STIG audit profile template to EPP
- Converted SIMP audit profile template to EPP
Release of 8.2.1
* Ensure that space_left is always larger than admin_space_left
* Add management of the /etc/audit directory in addition to /etc/audit/rules.d
* Remove use of deprecated Puppet 3 simplib functions
Release of 8.2.0
* Mon Mar 04 2019 Liz Nemsick <[email protected]> - 8.2.0-0
- Expanded the upper limit of the stdlib Puppet module version
- Updated a URL in the README.md

* Tue Jan 15 2019 Trevor Vaughan <[email protected]> - 8.2.0-0
- Allow users to optimize their audit processing by only collecting on specific SELinux types

* Fri Jan 11 2019 Adam Yohrling <[email protected]> - 8.2.0-0
- Add restorecon audit for STIG profile

* Fri Nov 16 2018 Trevor Vaughan <[email protected]> - 8.2.0-0
- Update to remove potentially redundant test code and use the updated simp-beaker-helpers
Release of 8.1.1
Changed the auditd service to use the native provider so that it can properly be enabled. Also fell back to using the 'service' command, since EL 7 systems don't properly respond to systemctl management of auditd.
Release of 8.1.0
* Allow users to opt out of hooking the audit dispatchers into the SIMP rsyslog module using `auditd::config::audisp::syslog::rsyslog = false` or, alternatively, setting `simp_options::syslog = false`.
* Add a `write_logs` option to the `auditd_class` and multiplex between the `log_format = NOLOG` setting and `write_logs = false` since there were breaking changes in these settings after `auditd` version `2.6.0`.
* Add support for `log_format = ENHANCED` for `auditd` version >= `2.6.0`. Older versions will simply fall back to `RAW`.
Release 8.0.1
Allow lowercase values for several parameters in accordance with the man pages and SCAP expectations
Release of 8.0.0
- Thu Jun 21 2018 Liz Nemsick [email protected] - 8.0.0-0
  - Added ability to select one or more audit profiles. When multiple profiles are selected, their rules are effectively concatenated in the order in which the profiles are listed in auditd::default_audit_profiles.
  - The following API Changes were made in support of multiple audit profiles:
    - $::auditd::$default_audit_profile has been deprecated by $::auditd::$default_audit_profiles
    - auditd::config and auditd::config::audit_profiles::simp classes are now private. In the unlikely event that you included just these classes in your manifest, you must now include auditd instead.
    - The following auditctl global configuration options that were in auditd::config::audit_profiles::simp are now in the auditd class, instead: $ignore_errors, $ignore_anonymous, $ignore_system_services, and $ignore_crond. They were moved because they are now applied to the set of audit profiles selected, not just the 'simp' audit profile.
    - The following auditd::config::audit_profiles::simp class parameters have been deprecated for clarity:
      - $audit_sudoers has been deprecated by $audit_cfg_sudoers
      - $audit_sudoers_tag has been deprecated by $audit_cfg_sudoers
      - $audit_grub has been deprecated by $audit_cfg_grub
      - $audit_grub_tag has been deprecated by $audit_cfg_grub_tag
      - $audit_yum has been deprecated by $audit_cfg_yum
      - $audit_yum_tag has been deprecated by $audit_cfg_yum_tag
    - Some previously hard-coded, internal configuration is now exposed as data-in-modules.
  - Added 'stig' audit profile which manages rules that match DISA STIG checks, exactly.
    - For executables explicitly listed in the RHEL7 STIG, includes watches for binaries in the real paths (/usr/bin, /usr/sbin) and linked paths (/bin, /sbin). This is to address inconsistencies among the STIG and the Inspec and OSCAP scans. (All should use the real paths, but don't.)
  - Fixed bugs in 'simp' audit profile
    - Fixed umask syscall rules. These rules require arch filters.
    - Fixed clock_settime syscall rules. Per the sample STIG audit rules packaged in the auditd RPM, these rules require an 'a0' filter.
    - Fixed bug in which /var/log/tallylog was grouped with session instead of logins.
    - Fixed bug in which the /etc/pam.d watch rule had the wrong tag
  - Updated 'simp' audit profile settings for DISA STIG.
    - Expanded the list of successful syscall operations audited.
    - Expanded the list of module syscall operations audited
    - Added an option to monitor selinux commands (i.e., chcon, semanage, setfiles, setsebool)
    - Added an option to audit the execution of password commands ('passwd', 'unix_chkpwd', 'gpasswd', 'chage', 'userhelper')
    - Added an option to audit the execution of privilege-related commands ('su', 'sudo', 'newgrp', 'chsh', 'sudoedit')
    - Added an option to audit the execution of postfix-related commands ('postdrop', 'postqueue')
    - Added an option to audit the execution of the 'ssh-keysign' command
    - Added an option to audit the execution of the 'crontab' command
    - Added an option to audit the execution of the 'pam_timestamp_check' command
    - Added an option to audit the execution of rename/remove operations for non-service users ('rename', 'renameat', 'rmdir', 'unlink', and 'unlinkat')
    - Added watch rules for /etc/hostname and /etc/NetworkManager (for centos7) pulled from the sample STIG audit rules packaged in the auditd RPM.
    - For executables explicitly listed in the RHEL7 STIG, includes watches for binaries in the real paths (/usr/bin, /usr/sbin) and linked paths (/bin, /sbin). This is to address inconsistencies among the STIG and the Inspec and OSCAP scans. (All should use the real paths, but don't.)
Release of 7.1.3
* Mon Mar 26 2018 Liz Nemsick <[email protected]> - 7.1.3-0
- Work around RPM upgrade issue with nodeset link in compliance acceptance test suite.

* Tue Jan 09 2018 Nick Markowski <[email protected]> - 7.1.3-0
- Updated compliance suite to use new inspec profile, https://github.com/simp/inspec-profile-disa_stig-el7
- Removed the el6 nodeset from the compliance suite; there are no simp-supported el6 inspec profiles at this time.
- Ensured git installed as it's a dependency of our inspec profiles
Release of 7.1.2
* Mon Nov 13 2017 Nick Miller <[email protected]> - 7.1.2-0
- /var/run/faillock should be tagged under 'login'
Release of 7.1.1
* Thu Aug 31 2017 Trevor Vaughan <[email protected]> - 7.1.1-0
- Adjust audit.rules mode per inspec testing